server: remove header validation for websockets

Tulir Asokan 2024-10-15 00:14:55 +03:00
parent ce43c6946c
commit c16a2c2c80
2 changed files with 1 additions and 5 deletions


@ -162,7 +162,7 @@ func isUserFetch(header http.Header) bool {
func (gmx *Gomuks) AuthMiddleware(next http.Handler) http.Handler { func (gmx *Gomuks) AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("Sec-Fetch-Site") != "same-origin" && !isUserFetch(r.Header) { if r.Header.Get("Sec-WebSocket-Key") == "" && r.Header.Get("Sec-Fetch-Site") != "same-origin" && !isUserFetch(r.Header) {
ErrInvalidHeader.WithMessage("Invalid Sec-Fetch-Site header").Write(w) ErrInvalidHeader.WithMessage("Invalid Sec-Fetch-Site header").Write(w)
return return
} }
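Review bot: The added `r.Header.Get("Sec-WebSocket-Key") == "" &&` clause exempts every request carrying that header from the Sec-Fetch-Site check, on all routes behind AuthMiddleware rather than only the websocket endpoint. Browsers attach Sec-WebSocket-Key to cross-site WebSocket handshakes too, and the same commit removes the Sec-Fetch-Mode check from HandleWebsocket, so nothing visible here rejects a handshake started by another origin. If authentication relies on cookies, that protection now depends on an Origin check at accept time, which this hunk does not show. I would record the dependency above the condition, e.g. `// WebSocket handshakes skip the Sec-Fetch-Site check; the Origin header must be verified where the connection is accepted.`, and consider limiting the exemption to the websocket route. AuthMiddleware's body continues outside the hunk.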


@ -54,10 +54,6 @@ const (
var emptyObject = json.RawMessage("{}") var emptyObject = json.RawMessage("{}")
func (gmx *Gomuks) HandleWebsocket(w http.ResponseWriter, r *http.Request) { func (gmx *Gomuks) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("Sec-Fetch-Mode") != "websocket" {
ErrInvalidHeader.WithMessage("Invalid Sec-Fetch-Dest header").Write(w)
return
}
var conn *websocket.Conn var conn *websocket.Conn
log := zerolog.Ctx(r.Context()) log := zerolog.Ctx(r.Context())
recoverPanic := func(context string) bool { recoverPanic := func(context string) bool {